Thanks a lot for helping me out with this. I really appreciate it. I saw a lot of other people using combofix, so I ran it last night. Anyway, I used the cclean, then ran combofix again and hijack this. all the logs are below:
cclean:
<no name>
Adobe Acrobat Reader 5.0.5
Adobe Flash Player 9 ActiveX
America Online
aspi
CCHelp
CCleaner (remove only)
CCScore
Cisco Systems VPN Client 5.0.01.0600
Compaq A3000
CorporateTime 6.0
CR2
Dell ResourceCD
Easy CD Creator 5 Basic
EndNote 9
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
Eudora 5.1.3
FileZilla 1.9.9
FRED
Google Toolbar for Internet Explorer
Google Updater
HeartCode Inhospital
HijackThis 1.99.1
Hummingbird HostExplorer
Intel® Extreme Graphics Driver
Intel® PRO Ethernet Adapter and Software
Intercooled Stata 8 for Windows
Internet Explorer Q831167
ISI ResearchSoft - Export Helper
J2SE Runtime Environment 5.0 Update 1
Java 2 Runtime Environment Standard Edition v1.3.1_05
JMPIN
Juniper Networks Secure Application Manager
Kaspersky Online Scanner
Kodak EasyShare software
KODAK Picture CD
KSU
Leash32 2.1.2 for Windows
LimeWire 4.8.1
LiveUpdate 1.7 (Symantec Corporation)
Macromedia Shockwave Player
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft ActiveSync 3.7
Microsoft Data Access Components KB870669
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office XP Professional with FrontPage
Microsoft Text-to-Speech Engine 4.0 (English)
Mozilla Firefox (2.0.0.11)
Netscape 6.2.3
Nortel Networks Contivity VPN Client
Norton AntiVirus Corporate Edition
Notifier
NVIDIA Windows 2000/XP Display Drivers
Oracle JInitiator 1.1.8.11
OTtBP
Outlook Express Q837009
PCDLNCH
PowerDVD
program files
QuickTime
RealPlayer Basic
SecureCRT 3.4.6
SFR
SFR2
SoundMAX
SoundMAX WDM Driver
Spyware Doctor 5.5
Ulead Photo Express 4.0 My Custom Edition
Verizon Online
Verizon Online Support Center
Viewpoint Media Player (Remove Only)
WebFldrs XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Hotfix - KB810217
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817287
Windows XP Hotfix (SP2) Q817606
Windows XP Hotfix (SP2) Q819696
Windows XP Service Pack 1 (1033)
WinVNC 3.3.3
ComboFix 08-02-18.1 - Megan Wolfe 2008-02-18 14:11:12.3 - NTFSx86
Running from: C:\Documents and Settings\Megan Wolfe\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.
2008-02-18 13:51 . 2008-02-18 13:51 <DIR> d-------- C:\Program Files\CCleaner
2008-02-18 07:43 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-18 07:43 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-17 23:03 . 2008-02-17 23:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-17 23:03 . 2008-02-17 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-17 22:01 . 2008-02-17 22:01 <DIR> d-------- C:\Documents and Settings\Megan Wolfe\Application Data\Talkback
2008-02-17 08:53 . 2008-02-18 13:25 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-17 08:52 . 2008-02-18 13:33 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-17 08:52 . 2008-02-17 08:52 <DIR> d-------- C:\Documents and Settings\Megan Wolfe\Application Data\PC Tools
2008-02-17 08:52 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-17 08:52 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-17 08:52 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-17 08:52 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-17 08:47 . 2008-02-17 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-17 01:17 . 2008-02-17 01:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2008-02-17 00:44 . 2008-02-17 07:40 2,042 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-17 00:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-17 00:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-17 00:43 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-17 00:43 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-17 00:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-17 00:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-17 00:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-16 22:41 . 2008-02-16 22:41 181,965 --a------ C:\WINDOWS\system32\L63DB.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 02:35 --------- d-----w C:\Program Files\UPHS VPN
2008-02-17 23:57 --------- d-----w C:\Program Files\NavNT
2008-02-17 15:12 --------- d-----w C:\Program Files\Google
2008-02-17 15:00 145,408 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
2008-02-17 13:29 145,408 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
2008-02-17 03:49 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-15 02:00 --------- d-----w C:\Documents and Settings\Megan Wolfe\Application Data\EndNote
2008-01-15 22:50 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2008-01-14 03:31 --------- d-----w C:\Documents and Settings\Megan Wolfe\Application Data\Viewpoint
2008-01-14 03:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-12 16:17 --------- d-----w C:\Documents and Settings\Megan Wolfe\Application Data\ICAClient
2008-01-12 16:16 --------- d-----w C:\Program Files\Neoteris
2008-01-12 16:16 --------- d-----w C:\Documents and Settings\Megan Wolfe\Application Data\Juniper Networks
2004-01-24 04:07 20,040 -c--a-w C:\Documents and Settings\Megan Wolfe\Application Data\GDIPFONTCACHEV1.DAT
2003-01-15 14:29 1,816 -c--a-w C:\Program Files\INSTALL.LOG
.
<pre>
----a-w 145,408 2008-02-17 13:29:10 C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\Program Files\NavNT\vptray.exe" [ ]
"QuickTime Task"="C:\WINDOWS\System32\qttask.exe" [ ]
"WinVNC"="C:\vnc\WinVNC.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-06-24 18:32 4800512]
"CTPDPSRV"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CTPDPSRV.EXE" [ ]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2008-02-17 10:00 145408]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq A3000 Settings Utility.lnk - C:\Program Files\Compaq A3000\CPQA3000.exe [2004-05-21 10:33:49 1142784]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2005-07-14 18:35:36 204800]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2002-04-04 14:00 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-583907252-1708537768-1417001333-13306\Scripts\Logon\
0\
0]
"Script"=\\med.upenn.edu\netlogon\audit.cmd
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acut]
C:\DOCUME~1\MEGANW~1\APPLIC~1\FNTS~1\wuauboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a--c--- 2002-10-02 17:41 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HaertCodeUpdateAgent]
--a------ 2003-11-03 02:11 954507 D:\Program Files\HeartCode Inhospital\UpdateAgent\HeartCodeUpdateAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\System32\ddcdc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
--a--c--- 2001-07-25 09:00 241714 C:\Program Files\Microsoft Money\System\Activation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]
C:\Program Files\NetZero\exec.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2003-06-24 18:32 323584 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a--c--- 2003-08-13 18:37 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchUpgrader]
C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]
C:\Program Files\NZSearch\nzspc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2004-12-06 20:31 36975 C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
c:\windows\temp\adware\fsg_4104.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zrhrpzqr]
C:\WINDOWS\F?nts\j?vaw.exe
R1 NEOFLTR_530_10641;Juniper Networks TDI Filter Driver (NEOFLTR_530_10641);C:\WINDOWS\System32\Drivers\NEOFLTR_530_10641.SYS [2006-04-27 00:40]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\System32\DRIVERS\eacfilt.sys [2002-04-22 13:50]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys [2002-04-30 22:16]
R3 maestro;ESS Maestro 3 Audio Driver (WDM);C:\WINDOWS\System32\drivers\es198x.sys [2001-08-17 11:19]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys [2002-04-30 22:16]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 07:48]
S3 gUSBSTOi;gUSBSTOi;C:\DOCUME~1\MEGANW~1\LOCALS~1\Temp\gUSBSTOi.sys []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-18 14:15:20
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
Completion time: 2008-02-18 14:18:13
ComboFix-quarantined-files.txt 2008-02-18 19:18:05
ComboFix2.txt 2008-02-18 00:32:47
.
2008-02-18 02:10:04 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 2:19:34 PM, on 2/18/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Compaq A3000\CPQA3000.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\explorer.exe
D:\Phillip\Virus stuff\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.upenn.edu/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://windowsupdate.microsoft.com/
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape6%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Megan Wolfe\Application Data\Mozilla\Profiles\default\g88i87zx.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [WinVNC] "C:\vnc\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CTPDPSRV.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Compaq A3000 Settings Utility.lnk = C:\Program Files\Compaq A3000\CPQA3000.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\samnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\samnsp.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\PLUGINS\NPDocBox.dll
O15 - Trusted Zone:
http://mwebpah.uphs.upenn.edu
O16 - DPF: Cab-package -
http://uphsnet.uphs....vex/mv_cert.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1203260859339
O16 - DPF: {6FE450DC-AD32-48D4-A366-01EE7E0B1374} -
http://uphsnet.uphs....vex/capicom.cab
O16 - DPF: {86ecb6a0-400a-11d5-b638-00c04faedb18} -
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) -
http://cenweb.uphs.u...l/amiviewer.cab
O16 - DPF: {D98F5BFB-D1E2-428F-B415-64DE948DE12D} -
http://cenweb.uphs.u...l/amiviewer.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) -
https://extranet.uph...uniperSetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E7477E7-86C8-42C2-8695-D412071F139F}: NameServer = 71.242.0.12 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7E1ACC9-8671-4D19-89D9-53388D88E34A}: NameServer = 128.91.2.13,128.91.254.1,128.91.254.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\vnc\WinVNC.exe" -service (file missing)